RE: block dhcp service based on mac

> 1. With iptables -I you would usually need to specify a rule number
> where to insert your new rule. Instead use iptables -A to add the rule
> to the end of the chain.

I have done that properly.

>  
> 2. I see 2 different MAC addresses for 1 machine? You 100% sure that's
> ok and that the machine in question uses these two MAC's and they are
> not from other machines?

Yes, both should be the same MAC address.

  

> 3. Post the output of iptables -L (-nv).
>  
> -Sietse
> 
> 
> 
 
> I have a DHCP server and I want to block a particular MAC address
> (that PC is virus infected) from using my DHCP service so that it
> will not get any valid IP address.
> 
> For that I have used
> 
> /sbin/iptables -I INPUT -i eth2 -p all -m mac --mac-source 00:02:E3:34:EA:77 -j DROP
> 
> or
> 
> /sbin/iptables -I INPUT -i eth2 -p udp --dport 67:68 -m mac --mac-source 00:05:5D:4A:8A:3B -j DROP
> 
> While the iptables rule match count does increase, the PC is still
> getting an IP address from my DHCP server, as seen in the dhcpd log
> file.
> 
> Does the packet go to the DHCP service before going to the iptables stack?
> I am using Red Hat 9 with the dhcp-3.0pl1-23 DHCP server.
> 
> Thank you
> 
> 

